Connections, Certificates and Authentication

March 19, 2019

| Contributed by:

Connections

HTTP store

HTTPS store

NetScaler Gateway 10.5 and later

Web Interface 5.4

Citrix Receiver for Windows can be connected to the VDA or an ICA session can be established on windows domain-joined machines, managed devices (local and remote with or without VPN) and non-domain joined machines.

Certificates

Private (self-signed)

Root

Wildcard

Intermediate

Private (self-signed) certificates

If a private certificate is installed on the remote gateway, the root certificate of the organization’s certificate authority must be installed on the user device to successfully access Citrix resources using Citrix Receiver for Windows.

Note

If the remote gateway’s certificate cannot be verified upon connection (because the root certificate is not included in the local Keystore.), an untrusted certificate warning appears. If a user chooses to continue through the warning, a list of apps is displayed but the apps cannot be launched.

Installing root certificates

For domain-joined computers, you can use Group Policy Object administrative template to distribute and trust CA certificates.

For non-domain joined computers, the organization can create a custom install package to distribute and install the CA certificate. Contact your system administrator for assistance.

Wildcard certificates

Wildcard certificates are used on a server within the same domain.

Citrix Receiver for Windows supports wildcard certificates; however, they must be used in accordance with your organization’s security policy. In practice, an alternative to wildcard certificates is a certificate containing the list of server names with the Subject Alternative Name (SAN) extension is considered. These certificates are issued by both private and public certificate authorities.

Intermediate certificates

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the NetScaler Gateway server certificate. For information, see Configuring Intermediate Certificates.

For information about authentication methods supported by Web Interface, see Web Interface documentation.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

THIS SERVICE MAY CONTAIN TRANSLATIONS POWERED BY GOOGLE. GOOGLE DISCLAIMS ALL WARRANTIES RELATED TO THE TRANSLATIONS, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF ACCURACY, RELIABILITY, AND ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.